<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <meta name="Generator" content="Microsoft Exchange Server">  <style></style> </head> <body> <font face="Calibri, sans-serif" size="2"> <div>Hi,</div> <div>I was hoping you could provide some help with audit rotation vs. logrotate</div> <div> </div> <div>I’m running REL 5 SElinux</div> <div>In my daily.con I have 2 cron jobs that I believe should manage the ‘audit.log’ file; audit.cron and logrotate</div> <div> </div> <div>My audit.cron includes:</div> <div> <font face="Tahoma, sans-serif" size="2" color="#0000FF">service auditd rotate</font></div> <div> </div> <div>Does this imply that the log always gets rotated, or is this based on other conditional checks?</div> <div>There are no other parameters in the audit.cron, so I don’t see where ‘max_log_size_action’ or ‘max_log_file_action’ are checked. </div> <div>Here is my auditd.conf</div> <div> </div> <div> </div> <div>Also, I’ve read that cron doesn’t like files with a period (.) in the name – is this an issue with REL 5?</div> <div> </div> <div>…</div> <div> </div> <div>My Logrotate.conf is attached</div> <div> </div> <div> </div> <div>My logrotate.d contains this file:</div> <div> </div> <div> </div> <div> </div> <div>My basic questions is wouldn’t the audit.cron, if it actually rotates the log, preclude the logrotate from properly capturing the right log files monthly?</div> <div>Also, if I wanted to ensure no audit.log data ever gets deleted, could I simply increase the ‘rotate 12’ statement to something like ‘rotate 60’ to keep 5 years of data (provided the disk doesn’t get full).</div> <div> </div> <div>FYI, there is another utility that archives the log files and gives the user the option to delete files after they are archived.</div> <div> </div> <div>A response within a couple days, if possible, would be great.</div> <div>Thanks for your help. </div> <div> </div> <div>Pat Dole</div> <div>General Dynamics AIS</div> <div> </div> <div> </div> </font> </body> </html>